dan/certifix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

improve README

Browse Source
This commit is contained in:
Daniel Barlow 2024-09-25 12:01:21 +01:00
parent 8a7287d552
commit ed53c967d7
2 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
README
View File

@ -7,16 +7,23 @@ but without the rest of Puppet
[ This README is speculative ] [ This README is speculative ]
--- ## Try it out
DOMAIN="/C=GB/ST=London/L=London/O=Telent"
```
# create CA key and cert
openssl genrsa -out ca.key 4096 openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -subj "${DOMAIN}/CN=CA" -out ca.crt CN=CA openssl req -config openssl.cnf -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr -subj "${DOMAIN}/OU=devices/CN=rotuer" # create client CSR
CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr
# start the server
bin/certifix
# send it
curl -v -H 'content-type: application/x-pem-file' --data-binary @client.csr http://localhost:8201/sign
```
https://www.puppet.com/docs/puppet/7/ssl_attributes_extensions#csr_custom_attributes-recommended-oids-custom-attributes https://www.puppet.com/docs/puppet/7/ssl_attributes_extensions#csr_custom_attributes-recommended-oids-custom-attributes

19
openssl.cnf Normal file
View File

@ -0,0 +1,19 @@
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
dirstring_type = nobmp
[ req_distinguished_name ]
countryName = GB
stateOrProvinceName = London
localityName = London
organizationName = Telent
commonName = $ENV::CN
[ req_attributes ]
challengePassword = loves labours lost